CLAIMS

1. (previously presented) A method for creating a proof of possession
confirmation for inclusion by a certification authority into a digital certificate, the digital
certificate for use by an end user, the method comprising:

receiving, from the certification authority in response to a certificate
request by the end user, a plurality of data fields corresponding to a target host system, the
identity of the end user, and a proof of identity possession by the end user;

analyzing the content of said plurality of data fields; 

verifying the accuracy of said plurality of data fields; and 

if said plurality of data fields is verified as accurate, sending a signed 
object to the certification authority, said signed object comprising the proof of possession 
confirmation, wherein said proof of possession confirmation is constructed in a manner 
so as to prevent replay attacks by an impostor. 

2. (original) The method of claim 1, wherein said plurality of data fields 
further comprises: 

a host name; 

a subject identification; 

a subject public key information; and 

a sealed proof of possession.

3. (original) The method of claim 2, wherein analyzing the content of said 
plurality of data fields further comprises: 

decrypting a proof of possession structure from said sealed proof of possession;

extracting a password from said sealed proof of possession structure;

extracting a key identifier from said proof of possession structure; and

calculating a correct key identifier from said subject public key information.

4. (original) The method of claim 3, wherein the accuracy of said plurality of
data fields is verified if:

said host name is matched with an identity of said target host system;

said extracted password is validated as a valid password for the end user; and

said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information.

5. (original) The method of claim 3, wherein said extracted password and said
extracted key identifier are initially symmetrically encrypted.

6. (original) The method of claim 3, wherein said extracted password and
said extracted key identifier are initially asymmetrically encrypted.

7. (original) The method of claim 1, wherein:

said plurality of data fields includes a password; and 
said signed object does not include said password. 

8. (previously presented) A storage medium encoded with a machine readable
computer program code for creating a proof of possession confirmation for inclusion by a
certification authority into a digital certificate, the digital certificate for use by an end
user, the storage medium including instructions for causing a computer to implement a
method, the method comprising:

receiving, from the certification authority in response to a certificate
request by the end user, a plurality of data fields corresponding to a target host system, the
identity of the end user, and a proof of identity possession by the end user;

analyzing the content of said plurality of data fields;

verifying the accuracy of said plurality of data fields; and

if said plurality of data fields is verified as accurate, sending a signed
object to the certification authority, said signed object comprising the proof of possession 
confirmation, wherein said proof of possession confirmation is constructed in a manner 
so as to prevent replay attacks by an impostor. 

9. (original) The storage medium of claim 8, wherein said plurality of data
fields further comprises:

a host name; 

a subject identification; 

a subject public key information; and 

a sealed proof of possession.

10. (original) The storage medium of claim 9, wherein analyzing the content
of said plurality of data fields further comprises:

decrypting a proof of possession structure from said sealed proof of possession;

extracting a password from said sealed proof of possession structure;

extracting a key identifier from said proof of possession structure; and

calculating a correct key identifier from said subject public key information.

11. (original) The storage medium of claim 10, wherein the accuracy of said
plurality of data fields is verified if:

said host name is matched with an identity of said target host system;

said extracted password is validated as a valid password for the end user; and

said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information.

12. (original) The storage medium of claim 10, wherein said extracted
password and said extracted key identifier are initially symmetrically encrypted.

13. (original) The storage medium of claim 10, wherein said extracted
password and said extracted key identifier are initially asymmetrically encrypted.

14. (original) The storage medium of claim 8, wherein:

said plurality of data fields includes a password; and 
said signed object does not include said password. 

15. (previously presented) A computer data signal, embodied in a carrier wave 
for creating a proof of possession confirmation for inclusion by a certification authority 
into a digital certificate, the digital certificate for use by an end user, the computer data 
signal comprising code configured to cause a processor to implement a method, the 
method comprising: 

receiving, from the certification authority in response to a certificate
request by the end user, a plurality of data fields corresponding to a target host system, the
identity of the end user, and a proof of identity possession by the end user;

analyzing the content of said plurality of data fields; 

verifying the accuracy of said plurality of data fields; and

if said plurality of data fields is verified as accurate, sending a signed
object to the certification authority, said signed object comprising the proof of possession
confirmation, wherein said proof of possession confirmation is constructed in a manner
so as to prevent replay attacks by an impostor.

16. (original) The computer data signal of claim 15, wherein said plurality of
data fields further comprises: 

a host name; 

a subject identification; 

a subject public key information; and

a sealed proof of possession.

17. (original) The computer data signal of claim 16, wherein analyzing the
content of said plurality of data fields further comprises:

decrypting a proof of possession structure from said sealed proof of possession;

extracting a password from said sealed proof of possession structure;

extracting a key identifier from said proof of possession structure; and

calculating a correct key identifier from said subject public key information.

18. (original) The computer data signal of claim 17, wherein the accuracy of 
said plurality of data fields is verified if: 

said host name is matched with an identity of said target host system;

said extracted password is validated as a valid password for the end user; and

said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information.

19. (original) The computer data signal of claim 17, wherein said extracted
password and said extracted key identifier are initially symmetrically encrypted.

20. (original) The computer data signal of claim 17, wherein said extracted 
password and said extracted key identifier are initially asymmetrically encrypted. 

21. (original) The computer data signal of claim 15, wherein:

said plurality of data fields includes a password; and

said signed object does not include said password.

22. (previously presented) The method of claim 2, wherein said sealed proof of
possession is verifiable for compatibility with at least one other of said plurality of data
fields of said certificate request.

23. (previously presented) The storage medium of claim 9, wherein said sealed
proof of possession is verifiable for compatibility with at least one other of said plurality
of data fields of said certificate request.

24. (previously presented) The computer data signal of claim 16, wherein said
sealed proof of possession is verifiable for compatibility with at least one other of said
plurality of data fields of said certificate request.
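
The three checks recited in claim 4, together with the password exclusion of claims 7, 14 and 21, can be sketched as follows; this is an added illustration, not code from the patent or its applicant. It starts from an already-decrypted proof of possession structure, and the SHA-256 key identifier, the PBKDF2 password verifier, the HMAC used as a stand-in for the signature, and every name and sample value are assumptions.

```python
import hashlib
import hmac
import json

# Every value here is constructed for illustration.
TARGET_HOST = "host.example"                # identity of the target host system
VERIFIER_KEY = b"constructed-signing-key"   # stand-in for a private signing key
SALT = b"constructed-salt"

def password_verifier(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": password_verifier("correct horse")}   # keyed by subject identification

def key_identifier(spki: bytes) -> str:
    """Assumed definition: SHA-256 over the subject public key information bytes."""
    return hashlib.sha256(spki).hexdigest()

def verify_request(host_name, subject_id, spki, pop_structure):
    """Apply the checks of claim 4; return a signed confirmation or None."""
    stored = USERS.get(subject_id)
    candidate = password_verifier(pop_structure["password"])
    correct_key_id = key_identifier(spki)
    checks = (
        host_name == TARGET_HOST,
        stored is not None and hmac.compare_digest(stored, candidate),
        hmac.compare_digest(pop_structure["key_id"].encode(), correct_key_id.encode()),
    )
    if not all(checks):
        return None
    # The confirmation names host, subject and key identifier, never the password.
    body = {"host": host_name, "subject": subject_id,
            "key_id": correct_key_id, "pop_confirmed": True}
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(VERIFIER_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}

ALICE_SPKI = b"constructed-spki-bytes-for-alice"
IMPOSTOR_SPKI = b"constructed-spki-bytes-for-impostor"
POP = {"password": "correct horse", "key_id": key_identifier(ALICE_SPKI)}

def demo():
    accepted = verify_request("host.example", "alice", ALICE_SPKI, POP)
    # A captured proof of possession resubmitted with a different public key
    # fails the key identifier check.
    key_swapped = verify_request("host.example", "alice", IMPOSTOR_SPKI, POP)
    wrong_host = verify_request("other.example", "alice", ALICE_SPKI, POP)
    return accepted, key_swapped, wrong_host
```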